EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Validation Certificate PFX always returns code 128

#20558
Posted: 06/20/2012 15:03:46
by Marcelo Vargas (Standard support level)
Joined: 06/06/2012
Posts: 21

I created a function to validate the certificate before using it. Reason returns 0 for a Windows license, but it always returns code 128 for a PFX certificate:

private bool ValidaCertificado(TElX509Certificate certificate)
{
    StringBuilder sMsg = new StringBuilder();
    int _reason = 0;
    TSBCertificateValidity validity = TSBCertificateValidity.cvInvalid;

    if (certificate.CertStorage is TElWinCertStorage)
    {
        // Certificate lives in a Windows store: validate it against the "MY" system store.
        TElWinCertStorage certstorage = new TElWinCertStorage();
        certstorage.SystemStores.Add("MY");
        validity = certstorage.Validate(certificate, ref _reason, true, DateTime.Now);
    }
    else
    {
        // Any other source (for example a PFX file): use the standalone validator.
        TElX509CertificateValidator CertificateValidator = new TElX509CertificateValidator();
        CertificateValidator.Validate(certificate, ref validity, ref _reason);
    }

    if (validity != TSBCertificateValidity.cvOk)
    {
        // Build the error message; retornaValidity is a helper not shown in this post.
        sMsg.Append("A certificado '");
        sMsg.Append(certificate.SubjectName.CommonName);
        sMsg.Append("' não é válido. ");
        sMsg.AppendLine(retornaValidity(validity, _reason));
        return false;
    }
    return true;
}
#20561
Posted: 06/20/2012 18:32:16
by Ken Ivanov (EldoS Corp.)

Marcelo,

Reason 128 stands for the vrCRLNotVerified constant. This means that the component was unable to retrieve a CRL or to validate a certificate against it.

Please note that the TElCustomCertStorage.Validate() method only performs basic chain validation; in particular, with limited revocation checking. We recommend using TElX509CertificateValidator for comprehensive validations.
#20582
Posted: 06/21/2012 13:14:46
by Marcelo Vargas (Standard support level)
Joined: 06/06/2012
Posts: 21

This problem occurs because the CRL of the certificate is not updated on the local machine. I can get the URL that contains the certificate and CRL and download it. How do I install it? Can you show me an example?
#20583
Posted: 06/21/2012 13:23:37
by Vsevolod Ievgiienko (EldoS Corp.)

Hello.

If you use TElX509CertificateValidator to validate a certificate and the CRL URL is present in the certificate's extensions, then you should simply initialize CRL retrievers as described here: http://www.eldos.com/documentation/sb...dator.html In this case the CRL will be downloaded and used automatically.
#20584
Posted: 06/21/2012 13:49:54
by Marcelo Vargas (Standard support level)
Joined: 06/06/2012
Posts: 21

Is there a sample app in the directory that demonstrates how to use it? It was not clear to me; an example would help a lot.
#20585
Posted: 06/21/2012 14:02:49
by Eugene Mayevski (EldoS Corp.)

Please search for "TElX509CertificateValidator" in Samples\C# folder. Some (not all) samples show how to use the validator.


Sincerely yours
Eugene Mayevski
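
Added example, not part of the thread and not SecureBlackbox code: the failure class discussed above (revocation data could not be retrieved or checked, which the thread identifies as reason 128, vrCRLNotVerified) shown with .NET's built-in X509Chain instead of TElX509CertificateValidator. The class and method names are illustrative, and the PFX path and password are assumed to be supplied by the caller.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

static class RevocationCheck
{
    public enum Result { Ok, Revoked, RevocationUnknown, OtherFailure }

    // "Unknown" = no usable revocation answer (CRL missing, stale or unreachable).
    const X509ChainStatusFlags Unknown =
        X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation;

    public static Result Classify(X509ChainStatusFlags flags)
    {
        if ((flags & X509ChainStatusFlags.Revoked) != 0) return Result.Revoked;
        if ((flags & ~Unknown) != 0) return Result.OtherFailure;
        return (flags & Unknown) != 0 ? Result.RevocationUnknown : Result.Ok;
    }

    public static Result Validate(X509Certificate2 cert)
    {
        using (var chain = new X509Chain())
        {
            // Online mode lets the platform fetch CRLs from the certificate's
            // distribution points instead of relying on a locally cached copy.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
            chain.ChainPolicy.UrlRetrievalTimeout = TimeSpan.FromSeconds(15);
            chain.Build(cert);
            foreach (var s in chain.ChainStatus)
                Console.WriteLine("{0}: {1}", s.Status, s.StatusInformation);
            return Classify(chain.ChainStatus.Aggregate(
                X509ChainStatusFlags.NoError, (acc, st) => acc | st.Status));
        }
    }

    static void Main(string[] args)
    {
        // Constructed flag combinations, so the classification runs offline.
        Console.WriteLine(Classify(X509ChainStatusFlags.NoError));
        Console.WriteLine(Classify(X509ChainStatusFlags.RevocationStatusUnknown));
        Console.WriteLine(Classify(X509ChainStatusFlags.Revoked | X509ChainStatusFlags.OfflineRevocation));
        Console.WriteLine(Classify(X509ChainStatusFlags.NotTimeValid));
        // Optional: args[0] = PFX path, args[1] = its password (caller-supplied).
        if (args.Length == 2)
            using (var cert = new X509Certificate2(args[0], args[1]))
                Console.WriteLine(Validate(cert));
    }
}
```

A caller that fails closed accepts only Ok, and can still log RevocationUnknown separately so a CRL outage is not mistaken for an actual revocation.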